LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

251

252

253

254

255

256

257

258

259

260

If you do not see such output, your proxy user might not be configured properly. Make sure

you have access permissions set correctly for the proxy user. For more information about

configuring the proxy user, see Section 2.4.4 (page 65).

You can also try binding to the directory as the directory administrator and reading the user's

information.

If you are using anonymous access, (determined by the value of the credentialLevel

attribute in the configuration profile), try searching for one of your user's information in the

directory with a command like the following:

./ldapsearch -h servername -b "o=hp.com" uid=username

using the name of your directory server (from display_profile_cache), search base DN

(from display_profile_cache), and a user name from the directory.

You should get output similar to the previous example. If you do not, anonymous access might

be configured incorrectly. Make sure you have access permissions set correctly for anonymous

access. For more information about configuring anonymous access for an HP directory server,

see Section 2.4.4 (page 65).

Searching as the proxy user for a Windows ADS user's information

The following command example shows how to search as the proxy user for a specific Windows

ADS user's information:

cd /opt/ldapux/bin

./ldapsearch -h servername -b "baseDN" -D "proxyuser" -w passwd unixName=username

where servername is the name of your directory server (from display_profile_cache),

baseDN is the search base DN (from display_profile_cache), proxyuser is the proxy

user (from ldap_proxy_config -p), and username is a name of a user in the directory.

For example:

cd /opt/ldapux/bin

./ldapsearch -h sys001.hp.com -b -D "CN=proxyuser,CN=users,DC=accts,DC=acme,DC=com" -w passwd \

unixName=biljonz

You should get output similar to the following:

dn: CN=John R Bill

Jones,CN=Users,DC=cup,DC=hp,DC=com

accountExpires: 9223372036854775807

badPasswordTime: 0

badPwdCount: 0

codePage: 0

cn: John R Bill Jones

countryCode: 0

instanceType: 4

lastLogoff: 0

lastLogon: 0

logonCount: 0

distinguishedName: CN=John R Bill Jones,CN=Users,DC=cup,DC=hp,DC=com

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=cup,DC=hp,DC=com

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

objectGUID:: m0weqe/tykmLX1yw8Y/QZw==

objectSid:: AQUAAAAAAAUVAAAAEZm5eELHdFIVJa9HtgYAAA==

primaryGroupID: 513

pwdLastSet: 0

name: John R Bill Jones

sAMAccountName: biljonz

sAMAccountType: 805306368

userAccountControl: 546

uSNChanged: 15284

uSNCreated: 15283

whenChanged: 20001222132148.0Z

whenCreated: 20001222132148.0Z

gecos: John R Bill Jones,6394,DEV

gidNumber: 1771

7.13 Troubleshooting 255